zafer
Apr 18, 2008

Hide OS information

Hello,

When I check some websites from http://news.netcraft.com/ I can see OS information. How can I hide this information? I think it's a TCP fingerprint issue.

You can test www.msnbc.com

Regards,

Zafer

4 Replies

  • Hi Zafer,

    From what I see in the logs on my IDS/IPS system, hackers randomly fire any exploit, even when the servers have advertised what the OS is. I see tons of PHP exploits going to IIS servers and exploits against devices that don't have an open OS.

    That's not to say you can't make it difficult for the one guy who is out to exploit your site for the day.

    In that case you can hide information from the most common areas

    
    when HTTP_RESPONSE {
        # Loop through and remove all instances of the unwanted
        # headers from the server response
        # (Server, Date, X-Powered-By in this example)
        foreach header {Server Date X-Powered-By} {
            # $header must not be wrapped in braces, or Tcl will not substitute it
            while { [HTTP::header exists $header] } {
                log local0. "Removing- $header: [HTTP::header value $header]"
                HTTP::header remove $header
            }
        }
    }

    I have never tested this out but it's worth taking a look into.

    Also check out the HTTP::header wiki (Click here). There is an HTTP::header sanitize command that might do a trick or two.

    Thanks,

    CB

  • You can also look at the "HTTP::header sanitize" sub command. This will remove all except the specified headers. There may be times that you don't know all the headers that contain id information, but most likely you will know all the headers you want to allow through.

    -Joe
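
Added example (not written by any poster in this thread and not F5's own code): an iRule showing the allowlist approach from the reply above, with an audit pass that logs each header about to be dropped. The header list is a constructed assumption and must be adjusted per application.

```tcl
when HTTP_RESPONSE {
    # Headers allowed through to the client (constructed list for illustration).
    # Framing headers are listed explicitly so the audit log below matches
    # what is actually forwarded.
    set allowed {
        Connection Content-Encoding Content-Length Content-Type Transfer-Encoding
        Set-Cookie Cache-Control ETag Expires Last-Modified Location Vary
    }

    # Lower-case copy for case-insensitive comparison of header names.
    set allowed_lc [string tolower $allowed]

    # Audit pass: log the name (not the value) of every header that is
    # not on the allowlist, so unexpected identifying headers show up in review.
    foreach name [HTTP::header names] {
        if { [lsearch -exact $allowed_lc [string tolower $name]] == -1 } {
            log local0. "Dropping unlisted response header: $name"
        }
    }

    # Enforce: remove everything except the allowlisted headers.
    # eval expands the static list into separate arguments.
    eval HTTP::header sanitize $allowed
}
```

This only changes what the HTTP response carries; it has no effect on TCP/IP stack fingerprinting, which is the issue raised in the original question.
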
  • Colin_Walker_12
    Historic F5 Account
    Hoolio's answer really addresses the root of the problem. Until you know what it is they're using to formulate those assumptions, there's no surefire way to stop them from coming to that conclusion.

    You can start blocking headers and such randomly in hopes of thwarting them, but without knowing for sure what they're looking at, it's a guessing game at best.

    Colin
  • zafer
    Hi,

    I know how I can sanitize server header information, but I think you misunderstand me.

    I want to hide the BIG-IP OS information.

    You can use Nessus, nmap and other tools and you can find that this box is a BIG-IP:

    F5 Networks Big-IP TCP/IP Fingerprint

    I'm looking for a solution to fix this problem.

    Regards,

    zafer